Messages

I just block outgoing access to port 853. I have it in an alias full of ports clients have no business accessing.
The alias is used in a Floating rule to block local nets from accessing ports to !local nets

Hmm

It should run beautifully on it.
Yes if you're going to run bare metal, DO install the OPNsense OS to a disk or disk if you have a PERC card.

I recommend using EFI instead of legacy BIOS/MBR booting.

The rest should load. For some reason whether decided by FreeBSD or Deciso devs, not all network cards will PnP and automatically load their corresponding driver.

You may need to add tunable that tells the underlying OS to load its driver for hardware like your 25Gb cards.

Definitely don't run off USB.

Hi All

I love where the multiple Blocklists we are soon to get in Business Edition.
For my Community installs, there is an appreciable warning about ensuring source nets do not overlap.

When I put in all Class A, B, and C local subnets, the window should allow me to add them.
It appears to prevent me from the GUI, however, if I edit the config, and add the subnets manually.
The system will allow the setting to apply.

Can we remove the edit, but keep the warning about adding source nets of different CIDR /xy sizes?

Attached: One screenshot showing it is possible when re-writing the config file.
The other is the screen edit preventing from doing the same via the web gui.

Thanks

YFA

Also, in case it hasn't been reiterated, you might want to additionally prevent devices like Android and iOS from escaping your DNS and attempting DNS over HTTP.

I recommend using a Floating rule, connected to a URL alias to v4/v6 lists, to keep those devices in check:

https://github.com/crypt0rr/public-doh-servers
https://github.com/oneoffdallas/dohservers/tree/master
https://github.com/dibdot/DoH-IP-blocklists/tree/master

Use a Firewall group to restrict your NAT and the rule above to local Interfaces and not interfere with the Firewall's ability to access DNS resources.

Here is also an older post on the matter:
https://forum.opnsense.org/index.php?topic=33931.0

Watch your Apple users start to hate you haha.

You could put a stock FreeBSD on it, complete with its own EFI partition, then make that a sort of rescue OS for it.

I already put a copy of Memtest86+ with grub on it. The latest release, along with editing the grub.cfg file. It is now possible to enable the serial console to give it some diagnostic ability in a headless environment.

Still all of the above would still fit on a much smaller SSD. I might swap it out for an ssd of 128G or less.

Cheers

For good measure,  i usually go into each interface and specify "Prevent Interface Removal"

I have had great success setting up a OPNsense firewall for each of my clients. I feel they are far better protected than any of the "business" solutions offered by the ISP.

I think this is related,  as that error is the top of what is happening here.

I highly recommend pulling back this release before more folx upgrade their production systems

https://forum.opnsense.org/index.php?topic=43474.0

Hi all

Where are we with this?

I just upgraded both, and this only happens on BE, the most up to date CE appears to be doing just fine.

It's just in my VMs. I'm glad I tried the upgrade, which both succeeded fine. I'll hang back and re-upgrade my 24.4 VM at a later time, try again and make sure it's working fine before I upgrade my main system, as well as of my subscribing clients.

Thank you

There might also be tunables like this they can coerce the Intel chip to cooperate with the modules:

hw.ix.unsupported_sfp
Force Intel driver to use unsupported SFP+ modules. Def: 0             
boot-time
Set the value to: 1

Here is a shot of a rules table

Hi All

I wanted to reach out and discuss the Cicada theme, which is a gorgeous dark mode of the stock theme.

I thought the screen brightness was more dim than usual, however, I am finding reading text a little harder unless I cut out more light in the room.

The change happened on package os-theme-cicada version 1.36, from 1.35 .

It feels like the brightness was affected globally, or like an alpha blending of 0.70 was applied against black as the background. I am not a huge fan of the graphics being all around darker, however, can we make the text a bright white, or at least like in 1.35?

Screenshots attached of BE edition (1.35) and CE 24.1.10_8 (1.36). Not shown, but a applies to CE 24.7.0_5 too.

Thanks

YFA

add an allow rule for the interface shown with the error Default deny / state violation rule

That seems more for a hardware (even if VM) question. What are you using for your VM management?

We'll check that out, or at least a 10 year, aligned with how often we renew domains etc.